CVE-2023-32629

Public Exploit

Description

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels

Remediation

Workaround:

If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf

References

Link	Tags
https://ubuntu.com/security/notices/USN-6250-1	vendor advisory
https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html	patch mailing list
https://wiz.io/blog/ubuntu-overlayfs-vulnerability	exploit technical description
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629	third party advisory issue tracking
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html

Frequently Asked Questions

What is the severity of CVE-2023-32629?: CVE-2023-32629 has been scored as a high severity vulnerability.
How to fix CVE-2023-32629?: As a workaround for remediating CVE-2023-32629: If not needed, disable the ability for unprivileged users to create namespaces. To do this temporarily, do: sudo sysctl -w kernel.unprivileged_userns_clone=0 To disable across reboots, do: echo kernel.unprivileged_userns_clone=0 | \ sudo tee /etc/sysctl.d/99-disable-unpriv-userns.conf
Is CVE-2023-32629 being actively exploited in the wild?: It is possible that CVE-2023-32629 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~59% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-32629?: CVE-2023-32629 affects Canonical Ubuntu Kernel.

Description

Remediation

Category

CWE-863 – Incorrect Authorization

References

Frequently Asked Questions